#!/bin/bash

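# Generates a self-signed CA and a server certificate for the
# scud-admission-server webhook, then recreates the Kubernetes secret that
# carries them. This file is a template: the {{ ... }} placeholders are
# substituted before the script is run.

# Abort on the first failing command. Without this, a failed openssl step
# would still be followed by deleting the live secret and recreating it from
# missing or stale files left by an earlier run.
set -euo pipefail

# Private keys are written below; restrict every file created here to the
# owner instead of relying on the openssl build to choose a safe mode.
umask 077

# Create the self-signed CA.
# NOTE(review): -nodes leaves ca-key.pem unencrypted on disk and -days 36500
# makes the CA valid for roughly 100 years, so this key can sign trusted
# certificates for as long as ca-cert.pem is trusted. Consider a shorter
# lifetime and removing or protecting ca-key.pem once the server certificate
# has been signed.
openssl req -nodes -new -x509 -days 36500 \
  -keyout ca-key.pem -out ca-cert.pem \
  -subj "/CN=netease-scud-ca/C=CN/ST=ZheJiang/L=HangZhou/O=netease-scud"

# Generate the server key and certificate, signed by the CA above. The
# v3_req extensions are read from the per-cluster openssl config file.
readonly webhook_conf="{{ cluster_name }}-openssl-for-webhook.conf"

openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out cert.csr \
  -subj "/CN=scud-admission-server/C=CN/ST=ZheJiang/L=HangZhou/O=netease-scud" \
  -config "$webhook_conf"
openssl x509 -req -in cert.csr \
  -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial \
  -out cert.pem -days 36500 \
  -extensions v3_req -extfile "$webhook_conf"

# Print the issued certificate for manual inspection, then confirm that it
# chains to the new CA before the cluster secret is touched.
openssl x509 -in cert.pem -noout -text
openssl verify -CAfile ca-cert.pem cert.pem

# Replace the secret consumed by the admission server.
# NOTE(review): ca-key.pem is uploaded as part of the secret, so every
# principal allowed to read it can issue certificates under this CA. The
# consumer of the secret is not visible here; confirm that it needs the CA
# private key and drop that --from-file entry if it does not.
kubectl_args=(
  -n "{{ scud.namespace }}"
  "--kubeconfig=/etc/kubernetes/{{ cluster_name }}/admin.conf"
)

# A missing secret (first run) is not an error; any other delete failure
# aborts the script. The secret is absent between the two calls below.
kubectl "${kubectl_args[@]}" delete secret scud-admission-server --ignore-not-found
kubectl "${kubectl_args[@]}" create secret generic scud-admission-server \
  --from-file=ca-cert.pem \
  --from-file=ca-key.pem \
  --from-file=cert.pem \
  --from-file=key.pem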
